This is part of a series on the RUCKUS line of controllers. To read the introduction and to find other posts in this series, please see the first blog post which can be found here.
What is RUCKUS SmartZone Essentials?
My first introduction to the RUCKUS platform, the one I talked about in the introduction, was ZoneDirector (ZD). I might write a review of that platform (it’s still around by the way) but next I want to talk about the platform that caught my eye at Black Hat in 2019. That is the SmartZone (SZ) platform. SmartZone was first introduced back in 2015 but it took me 4 years to discover it.
SmartZone, hereafter referred to as SZ, is an overarching “concept” (I’m sure someone in marketing is going to send me an email right about… NOW) of controlling networks, both wired and wireless, using a single operating system but in multiple ways, all dependent on the requirements of the network in question. To help explain it I am going to reference the following chart:
*All the charts that I am using are taken from the data sheet for the SmartZone controllers that can be found here.
Instead of trying to tackle all 4 of those offerings in one post, I decided to split the table above by audience and for this post, focus on the “Mid to Large Enterprise” offerings as the GUI for the platforms also uses that split. From an operational perspective there is little difference between the SZ144 and the vSZ-E so that makes it easier to cover both at one time. Also, the High Scale version, the one that I tweeted about that started this whole adventure, has some interesting features that I want to cover separately and dedicate some time to fully delve into.
As far as what SmartZone is, there isn’t anything groundbreaking here. Just like the previous controllers I’ve looked at (Unleashed & Cloud) it is a converged network controller so it can manage and control both your network of RUCKUS APs and the RUCKUS ICX switches the APs are plugged into. From an actual controller perspective it can do everything that you have come to expect from a controller but later I will go through some additional things that it can do that you might not expect from a “run of the mill” controller.
The last thing I want to touch on before we move on is the form that the controller can take. Even after my review of RUCKUS Cloud I am still on the fence about “cloud” controllers. I said in my post that I can see where a product like that fills a need in the market, and the need for some customers, but I will always be a fan of controllers that I have final say and control over, for good and bad sometimes. (Yes, I have crashed a network multiple times during the day when my controller appliance didn’t behave the way I expected it to, but I still like them.) What has intrigued me about the SZ family of controllers is the choice it gives me. If there is a customer who is like me and wants a physical controller in their data center, that is an option. If they have a robust virtual environment, then the Virtual SmartZone (or vSZ) is the way to go as it gives you the same features, functions, and UI as the physical appliance but without requiring additional rack space, cooling, and power plugs. Maybe the decision has been made to move to Public Cloud. Guess what? The virtual SmartZone can be deployed there as well, with some limitations that come with a Public Cloud type of deployment. Maybe it’s going to be like me in the next post where I connect my APs to a virtual controller hosted in someone else’s data center. Not Public Cloud, but not really my cloud either.
All that is left is deciding on which row you want to pick from in the chart above; the top or the bottom.
How to select RUCKUS SmartZone
In my previous posts in this series I went over how to set up the controller that was the topic for that post. Since the SZ family can be a little more in depth, and has multiple options, I’m not going to do that. Each platform has its own “Getting Started” guide on the support site and I recommend you follow that instead. What I do want to talk about is the scaling and why a network would use the SZ Essentials (either the virtual or the appliance based) for their network controller.
I went ahead and added in the ZoneDirector (ZD) numbers as well as the Unleashed numbers for comparison. If converged management (AP and switch) is a requirement, then ZD can be ruled out. If the scale of Unleashed doesn’t meet the requirements of the network, then SmartZone Essentials is where you should start looking. In this instance, both the appliance (SZ144) and the virtual (vSZ-E) have the same scale and function so select the deployment model that works best for you. If the Essentials version I am talking about this week doesn’t quite have the scale you are looking for then come back next week when I go to the High Scale version.
Spoiler Alert – it scales higher.
Now, if you are asking yourself about that cluster number in the table above, you are going to have to wait until the advanced section later on. It’s a concept that I just love, and it makes so much sense to me I often wondered why I didn’t think about it before.
Follow the set up guide for the platform you selected, and then we can get some APs online. APs discover and join the controller in a couple of different ways, and they are all covered in the guide but I am going to list them here really quick to save you some time.
- Hard coded via the GUI or CLI, your choice.
- Layer 2 discovery using mDNS.
- DHCP Option 43.
The hard-coded method requires accessing the AP through either the GUI or the CLI and entering the IP address of the controller in the management section or using the CLI command of set scg ip address. After the APs start to discover the controller, and start to join, it’s now time to get some things running.
Configuring RUCKUS SmartZone Essentials
Now, there is a TON of stuff to do to configure any SZ platform, and I’m not even going to try to get into each and every setting here. There is a 500+ page guide on the support site that you can read and use for configuration, and I highly recommend you read and follow that long before you rely on my blog post. What I want to cover here are a couple of highlights and key things I found, before we get into managing the networks and some advanced things.
Upon logging in you will see a menu on the left hand side and as you click through it, the main windows will change. For now I want to concentrate on the 2 things needed to get a network on the air. Start with Access Points and get those under control, and then we can build a network or two under Wireless LANs. Now, the first thing I want to break down is the hierarchy seen here on the right. Whether you are in Access Points or Wireless LANs, the next pane over looks the same and is one of the differentiators between the Essentials or SZ1xx series controllers (my SZ100 shown in the green box) and the High Scale or SZ300 series in the next post.
The Essentials version will only show one Domain (the “D – System”) and then the zones below it whereas the High Scale has multiple domains. More on that next week!
Each Zone (denoted by the “Z – Colorado”) has AP groups below it (not shown). If you read my multigenerational AP control post you know that each zone can have its own firmware and other settings and such. The other thing that I will point out is the “Default Zone” there at the bottom. Now, since I run 3 generations of APs, I have some funky rules to get my APs onboarded but for the “normal” folks when an AP joins the SZ, it is placed in the Default Zone by, well, default and once it has updated its code version you can then move it to the Zone it is supposed to be in.
For me, and this series, I used my trusty R750 that has been through Unleashed and Cloud and simply deleted it from my Cloud controller, hit the reset button, and then added a reserved DHCP address on my DHCP server. Before I knew it my AP had joined my controller and was in the correct Zone. Read my post from earlier on tips on how to do that.
Now, the eagle-eyed reader might notice that I have in fact 4 APs online on this controller. What I want to point out is that selecting the Zone in the left pane will then limit the AP list to just the APs in that zone. The same applies as you work your way up and down the left hand window. Domains, Zones, and AP groups will filter, or not filter, the APs that belong to that level of the tree. Now that the AP is online, next is the WLAN.
Selecting Wireless LANs from the left menu gets you to a similar screen as the Access Points screen from above. If no network is selected, then Create is about as good as it gets for you. Selecting a network already built allows for Configuration (edit), Clone, and Delete to be enabled. In this menu the More button doesn’t get you as much as it does in the AP menu above, but I always like to click it anyways to see what little tricks the developers have hidden that we tend to forget about. For our effort now, to get a new SSID on the air, we want to Create a WLAN, so that is the button to choose.
As you can see, there are a few things to cover here. General options are giving it a name, configuring the SSID, and then assigning it to a Zone and Group. Authentication options allow for assigning things like WISPr and Hotspot 2.0 or 802.1X or just open. Encryption is where WEP/WPA/WPA2/WPA3/OWE comes into play (depending on the code version of the Zone selected in the general options). Data Plane is something I will cover in a couple of weeks (for those wondering about the mythical “Layer 2 boundary”) and then down the list. The Advanced Options at the end could be an entire blog post on its own so just trust me when I say there is a lot to go through and options to configure. Luckily, most of what can be configured is “self explanatory” but if not, I tend to refer to the guide for my version of code that can be found on the support site.
Once the WLAN is created and assigned to the same Zone/Group as the AP, you get a network that your devices can connect to. As I suspect that most people reading this are pretty comfortable with this concept, let me move on to some of the things that I found this controller can do that are maybe outside the ordinary.
Managing RUCKUS SmartZone
The Dashboard is still a work in progress for me actually. There are multiple things that can be customized, to include different maps, but let me show you what I have today and what I like about it.
The “System” layout I am using above can be expanded, or collapsed, as needed, and as the system requires. If I had an alarm, or something I needed to address, the colors would change and I can click on almost anything to link to where I need to go to look. Performance and Connection Failures come next, and allow me to drill into any issue that may come up. This isn’t AI/ML, RUCKUS Analytics fulfills that role, and both SZ and vSZ can be joined to RUCKUS Analytics for that extra insight. This is just good old fashioned data. Cool data, but just data. Below the Performance and Connection panels (they are a little dry, not going to lie about it) is the Traffic Analysis panel. This one I like.
This can be adjusted time wise to show the last hour, last 24 hours, last 7 days, or the last 14 days. It’s not something that is going to shake the Earth, breakthrough wise, but it is nice to have it on the controller. After that is a section on the clients, and the top talking clients.
Based on the clients that I have in my house, this information is pretty close to accurate. Granted, I don’t have the application visibility turned on (?) so that isn’t populated but the rest is pretty accurate. There is a page for Wireless Clients as well as wired clients, and an entire switch dashboard (mine is pretty anemic so I won’t share that) but the configuration side is pretty cool, so I will show you that here.
As you can see, with just my test AP plugged into my test switch, there isn’t much from a monitoring perspective to show, but I like the image and the information in the table below. Selecting a port and clicking Configure allows me to actually manage the port from here. VLANs, PoE, port speed, spanning tree, these can all be managed from here. Granted, there are still some configurations that will require a CLI to do, but even that is easy to do. Remember that More button I mentioned earlier? It comes in pretty handy when dealing with ICX switches.
Along with backing up the configuration of the switch, stacking switches, and getting the logs from the switch, there is even a CLI session that can be launched from the browser window. When I think of a converged management platform for my network, this really starts to tick a lot of the boxes for me!
Advanced RUCKUS SmartZone
While there is a lot I didn’t cover in the configuration and operation of the SZ, I wanted to get to some advanced features that are included with SZ that I think are just really cool.
The first thing that I love about SZ can be seen in the table above with the scaling specifications. While Unleashed utilizes a redundancy feature in which any AP can take over the management aspect of the network (or you can assign it) SZ uses a clustering feature with N+1 redundancy which I find cool. By adding a second controller as an Active/Active device in the cluster, customers can not only add resiliency, they also can add capacity. That extra appliance or OVA you licensed can actually do something for you. They can be scaled up to 4 controllers with the 4th controller acting as the N+1 to take over in case one of the other three fails. By allowing customers to utilize these redundant controllers to add capacity it makes for a better experience. Also, adding a controller to an existing cluster is a thing, allowing for an increase later when it is needed, not trying to speculate years in advance.
Now, if I am not 100% accurate on the preceding paragraph about the clustering of controllers, go on Twitter and complain to Rodolfo Thone. He probably taught me wrong. But anyways…
The lower main menu is full of cool stuff, but I am going to focus on the Services & Profiles and Troubleshooting, easily the two sections that I love to experiment with. Services & Profiles can be accessed through links from other parts of the platform as you configure different items, but the way to get to them individually is here. Things like configuring Hotspot 2.0 or different types of captive portals can be found here.
Another feature is Wi-Fi calling where the AP will sniff the traffic and if it sees any traffic destined for a cellular gateway (ePDG) it will automatically tag it with the proper QoS. I’ve known about Wi-Fi calling but never set it up until now because it always scared me. This makes it so easy there isn’t an excuse any more.
AAA settings are also set up and managed from this page. Bonjour settings are built here as well as tunnels like Ruckus GRE or IPSec. Build it all here and then assign it to the networks as needed.
Another one I want to hit on in the Services section is the one I was the most surprised about and that is WIPS. You might have noticed in the earlier section about APs there was an entry for monitor mode APs. These monitor mode APs can be used for the built in WIPS platform that is included without any additional licensing or servers needed. Granted, there aren’t 150 different WIPS rules to configure (just 13) but they are all pretty good rules to have around, especially for monitoring or, even more pertinent now, for catching any type of AP that is plugged into your wired network and seen on the air, or APs that you don’t manage but are broadcasting your SSID. Those are there, and included.
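To make those two conditions concrete, here is an added example (not from the original post, and not SmartZone's WIPS code or one of its 13 rules) that classifies beacons heard by a monitor-mode AP against an inventory. All names, MAC addresses, and the adjacent-MAC heuristic for tying a radio to a wired port are assumptions made for this sketch.

```python
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    bssid: str     # radio MAC heard over the air
    ssid: str      # SSID from the beacon ("" when hidden)
    rssi_dbm: int

def mac_to_int(mac: str) -> int:
    """Parse aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; reject anything else."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12 or any(c not in string.hexdigits for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def classify(obs, managed, protected_ssids, wired_macs, window=2):
    """Return the set of labels for one observation.

    managed / wired_macs are sets of integer MACs. `window` is an assumed
    heuristic: a radio MAC within a few addresses of a MAC learned on a
    switch port usually belongs to the same physical device.
    """
    bssid = mac_to_int(obs.bssid)
    if bssid in managed:
        return {"managed"}
    flags = set()
    if obs.ssid in protected_ssids:          # exact match; hidden SSIDs never match
        flags.add("ssid-spoof")
    if any(abs(bssid - w) <= window for w in wired_macs):
        flags.add("rogue-on-wire")
    return flags or {"neighbor"}

def findings(scan, managed, protected_ssids, wired_macs):
    """Only the observations an operator should look at, strongest signal first."""
    hits = []
    for obs in sorted(scan, key=lambda o: o.rssi_dbm, reverse=True):
        labels = classify(obs, managed, protected_ssids, wired_macs)
        if labels & {"ssid-spoof", "rogue-on-wire"}:
            hits.append((obs.bssid, sorted(labels)))
    return hits

# Constructed sample data (locally administered MACs, made up for this example)
MANAGED = {mac_to_int(m) for m in ("02:00:5e:10:00:10", "02:00:5e:10:00:20")}
PROTECTED = {"HomeLab"}
WIRED = {mac_to_int("02-00-5E-20-00-55")}    # as learned from a switch MAC table
SCAN = [
    Observation("02:00:5E:10:00:10", "HomeLab", -41),     # our own AP
    Observation("02:00:5e:99:00:01", "HomeLab", -67),     # unmanaged, our SSID
    Observation("0200.5e20.0056", "linksys", -52),        # radio next to a wired MAC
    Observation("02:00:5e:20:00:57", "HomeLab", -50),     # both conditions at once
    Observation("02:00:5e:77:00:09", "CoffeeShop", -80),  # ordinary neighbor
]

if __name__ == "__main__":
    for bssid, labels in findings(SCAN, MANAGED, PROTECTED, WIRED):
        print(bssid, ", ".join(labels))
```
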
The last thing I want to call out before wrapping this up is the Troubleshooting section.
There are 2 Troubleshooting tools included in SZ that can be pretty cool, and one that I found really useful. The first one is Spectrum Analysis. This involves selecting that in the Type drop down in Step 1 and then in Step 2 entering the MAC address of the AP you want to use. Granted, this will knock clients off that radio, but it is cool.
While it looks cool I found the sweep time for the 5 GHz band to be a little slow for my liking and not as conclusive as one might hope. In the 2.4 GHz band, shown above, the smaller band resulted in a better sweep time and more expected result. For a refresher, sweep time is the amount of time it takes to scan the spectrum assigned. More spectrum means more time between sniffing a specific channel. On a tangent, this is in my house and while the beacons look like a disaster I am impressed at how little traffic is being passed on the band. Remember, a beacon with no traffic isn’t as impactful as you might think. Maybe there is some hope for that band yet!
The other tool that I find REALLY useful is the Client Connection tool. The default tool in Step 1, it then involves adding the client MAC address you are interested in monitoring, and then selecting the APs that you expect the client to interact with. It can be a single AP or the entire zone. Selecting more than 1 AP can really give you a good idea of which APs can hear the client, and how well they hear them. Click Start and let the test run.
I selected every AP in my house, and as soon as the client device started to probe, I got some cool results. Based on the Airtime Utilization column on the right hand side, maybe 2.4 GHz isn’t as resurrected as I thought? After the probing comes the next step, authentication and association. That may be common knowledge, but have you ever seen it presented like this?
There it is. Each step, broken down, and in the second that it happened. I had my device change from one SSID to another, and it all happened in the matter of 2 seconds, as seen in the time stamp in the red boxes on the right. Had any of this process failed, there would have been a red arrow, and not the light green arrows seen here. I have solved a couple of problems using this tool just by understanding what would cause that arrow to turn red. While spectrum analysis seems cool to watch those colors change and the lines jumping around, being able to figure out why clients are complaining about their specific device is really where we as Network Engineers make a living. Want to be warned about issues ahead of time? That is possible but also involves RUCKUS Analytics. You can click on the link to learn more, but just to give you a teaser, here is a live look at current clients today.
FYI – It looks like whoever has the AP Group named “Tyrone” needs to take a look at their setup to improve their RF health. That’s shown one panel below this but it would be too redacted to bother including. Just trust me on this one!
RUCKUS SmartZone Essentials Final Thoughts
SmartZone Essentials running on a physical appliance is what I saw at Black Hat US 2019 in Las Vegas, NV and I think because of that it will always have a soft spot in my heart. Watching Mo Williams navigate the platform and help troubleshoot issues as they were reported was really cool. If there was something she found she was able to click on it and move between AP, WLAN, and Client, in order to resolve issues. Like I said, it just flowed.
In keeping with the theme of this series, this has been a VERY less than complete overview of the SZ platform. If I didn’t mention it, it wasn’t because I didn’t think it was important, I am just trying to keep this less than 5,000 words. SmartZone is a converged network controller and so far, the most competent one I have seen. Giving operators the flexibility to deploy via an appliance or virtually, either in private or public cloud, is handy. When I first started to look at the controller options from RUCKUS I was a little overwhelmed, thinking there were so many. When I finally understood that SZ was really just one option but formatted in 4 different ways based on what customers needed, it really cleared things up. Instead of 7 different options, there are really just 3: Unleashed (and ZoneDirector) as one train, RUCKUS Cloud as a SaaS as the second, and SZ as the final step. Seeing it that way really made it easier to understand.
Pick the train that works best for you and then pick the flavor of that train that best fits your needs and build from there. What makes it easier is the ability to take the same AP with you as you go. For my journey I picked the R750 and so far it has taken me from Unleashed to Cloud and now SmartZone. This SZ was an appliance in my house but next week, when I cover the High Scale version that is vSZ-H, that will be a virtual controller hosted 2 states away. I better start thinking about how to make that happen…
To give you a really good barometer of what the SZ is capable of doing, keep this in mind. I have made it to the end and I haven’t mentioned a troubleshooting feature that many consider vital. Doing captures, whether they are over the air wireless frames or packets on the wire, SZ has this built in as well. It’s not in the Troubleshooting feature I discussed earlier but in the individual AP settings I discussed WAY back at the beginning. Remember that More button I discussed? Click on an AP, hit that more button, and buried in there is the capture function.
That is how feature rich this platform is. The more I attempt to learn about what they have managed to cram into this platform, the more I learn there is to learn. When organizations can pair up the awesome RF technology they get with the APs (BeamFlex) with a controller platform as full-featured and intuitive as the SmartZone platform, it really makes me want to get back into the customer space.
But not now.
Since I know I probably missed a feature, or got something wrong, please leave me a comment below about what you might know about the SZ that I missed. If you have more questions about SZ, feel free to reach out to me directly or leave a comment and we will get you taken care of.